SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
draft-hansen-scram-sha256-04
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-11-01
|
04 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-10-19
|
04 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-10-19
|
04 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2015-10-14
|
04 | (System) | Notify list changed from draft-hansen-scram-sha256.ad@ietf.org, draft-hansen-scram-sha256.shepherd@ietf.org, draft-hansen-scram-sha256@ietf.org, alexey.melnikov@isode.com, tony+scramsha256@maillennium.att.com to (None) |
2015-09-21
|
04 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2015-09-21
|
04 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2015-09-21
|
04 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2015-09-20
|
04 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2015-09-08
|
04 | (System) | RFC Editor state changed to EDIT |
2015-09-08
|
04 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-09-08
|
04 | (System) | Announcement was received by RFC Editor |
2015-09-08
|
04 | (System) | IANA Action state changed to In Progress |
2015-09-08
|
04 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2015-09-08
|
04 | Amy Vezza | IESG has approved the document |
2015-09-08
|
04 | Amy Vezza | Closed "Approve" ballot |
2015-09-08
|
04 | Amy Vezza | Ballot approval text was generated |
2015-09-08
|
04 | Amy Vezza | Ballot writeup was changed |
2015-09-04
|
04 | Stephen Farrell | Ballot writeup was changed |
2015-09-03
|
04 | Tero Kivinen | Request for Telechat review by SECDIR Completed: Ready. Reviewer: Vincent Roca. |
2015-09-03
|
04 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2015-09-03
|
04 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-09-02
|
04 | Ben Campbell | [Ballot comment] -- abstract: Spurious colon == 5.2, first "note" I tend to think of anything marked as "note", at least without further explanation, as a sidebar or parenthetical information. From that perspective, they probably aren't a good place for 2119 keywords. I suggest removing the "note" label. |
2015-09-02
|
04 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2015-09-02
|
04 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2015-09-02
|
04 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-09-01
|
04 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2015-09-01
|
04 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-09-01
|
04 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2015-09-01
|
04 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-09-01
|
04 | Benoît Claise | [Ballot comment] Nits in the abstract: registers: -> registers provdes -> provides |
2015-09-01
|
04 | Benoît Claise | Ballot comment text updated for Benoit Claise |
2015-09-01
|
04 | Benoît Claise | [Ballot comment] Nits in the abstracts registers: -> registers |
2015-09-01
|
04 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-08-31
|
04 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2015-08-28
|
04 | Brian Haberman | [Ballot comment] No issues with the publication of this draft. Just a grammatical issue to pick at. * Abstract : s/provdes guidance for secure implentation/provides guidance for secure implementation/ |
2015-08-28
|
04 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2015-08-27
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Robert Sparks |
2015-08-27
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Robert Sparks |
2015-08-27
|
04 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Vincent Roca |
2015-08-27
|
04 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Vincent Roca |
2015-08-25
|
04 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK |
2015-08-25
|
04 | (System) | IANA Review state changed to IANA - Not OK from Version Changed - Review Needed |
2015-08-25
|
04 | Amanda Baber | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-hansen-scram-sha256-03. Please see below for our reviewer's description of the proposed actions, as we understand them. If anything is inaccurate, please let us know. IANA has a question about one of the actions requested in the IANA Considerations section of this document. IANA understands that, upon approval of this document, there are two actions which IANA must complete. First, in the Simple Authentication and Security Layer (SASL) Mechanisms registry located at: http://www.iana.org/assignments/sasl-mechanisms/ IANA notes that the template for SCRAM-* registrations is changed by section 5.1 of the current document. In particular, IANA notes that requests now go to the Kitten mailing list instead of the SASL mailing list and that the note at the bottom of the template has changed. IANA Question -> Should http://www.iana.org/assignments/sasl-mechanisms/ be updated to reflect this change and reference [ RFC-to-be ]? Second, also in the Simple Authentication and Security Layer (SASL) Mechanisms registry located at: http://www.iana.org/assignments/sasl-mechanisms/ a new subregistry is to be created for members of the SCRAM family of SASL mechanisms. The new subregistry will be called the SASL SCRAM Family Mechanisms registry. The registration procedure for the new subregistry is IETF Review as defined by RFC 5226 and review on the KITTEN mailing list. A template has been provided in section 5.2 for adding entries to the new subregistry.
IANA intends to add the following note to the top of this new registry: "At publication of a new SASL SCRAM Family Mechanism, a new GSS-API mechanism OID for this mechanism will be assigned from the iso.org.dod.internet.security.mechanisms prefix (see the "SMI Security for Mechanism Codes" registry) and the value for "TBD-BY-IANA" in the template above will be filled in. Only one OID needs to be assigned for a SCRAM- and SCRAM--PLUS pair. The same OID should be assigned to both entries in the registry." The existing entries for SASL SCRAM-SHA-1 and SCRAM-SHA-1-PLUS are to be moved from the existing SASL Mechanism registry to the new SASL SCRAM Family Mechanism registry. The new subregistry has the following initial contents: Mechanism Usage Minimum Iteration Count AssociatedOID Reference Owner --------+---------+---------+------------------+-------------+------- SCRAM-SHA-1 COMMON 4096 1.3.6.1.5.5.14 [RFC5208] IESG SCRAM-SHA-1-PLUS COMMON 4096 1.3.6.1.5.5.14 [RFC5208] IESG SCRAM-SHA-256 COMMON 4096 [ TBD-at-registration ] [ RFC-to-be ] IESG SCRAM-SHA-256-PLUS COMMON 4096 [ TBD-at-registration ] [ RFC-to-be ] IESG The associated OID for SCRAM-SHA-256 and SCRAM-SHA-256-PLUS will be assigned from the iso.org.dod.internet.security.mechanisms prefix registry (see the "SMI Security for Mechanism Codes" registry) at http://www.iana.org/assignments/smi-numbers. IANA understands that these actions are the only ones required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
2015-08-25
|
04 | Stephen Farrell | Placed on agenda for telechat - 2015-09-03 |
2015-08-25
|
04 | Stephen Farrell | IESG state changed to IESG Evaluation from Waiting for Writeup::AD Followup |
2015-08-25
|
04 | Stephen Farrell | Changed consensus to Yes from Unknown |
2015-08-25
|
04 | Stephen Farrell | Ballot has been issued |
2015-08-25
|
04 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2015-08-25
|
04 | Stephen Farrell | Created "Approve" ballot |
2015-08-25
|
04 | Stephen Farrell | Ballot writeup was changed |
2015-08-25
|
04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2015-08-25
|
04 | Tony Hansen | New version available: draft-hansen-scram-sha256-04.txt |
2015-08-25
|
03 | Stephen Farrell | IESG state changed to Waiting for Writeup::Revised I-D Needed from Waiting for Writeup |
2015-08-25
|
03 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-08-04
|
03 | Robert Sparks | Request for Last Call review by GENART Completed: Ready. Reviewer: Robert Sparks. |
2015-07-30
|
03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Robert Sparks |
2015-07-30
|
03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Robert Sparks |
2015-07-30
|
03 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'Withdrawn' |
2015-07-30
|
03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2015-07-30
|
03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2015-07-28
|
03 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce Reply-To: ietf@ietf.org Sender: Subject: Last Call: (SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms) to Proposed Standard The IESG has received a request from an individual submitter to consider the following document: - 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-08-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. It also updates the SCRAM registration procedures of RFC 5802. The file can be obtained via https://datatracker.ietf.org/doc/draft-hansen-scram-sha256/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-hansen-scram-sha256/ballot/ No IPR declarations have been submitted directly on this I-D. This is a second IETF last call. The first time this was aiming for informational but as a result of that proposed standard was deemed necessary. |
2015-07-28
|
03 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2015-07-28
|
03 | Amy Vezza | Last call announcement was changed |
2015-07-26
|
03 | Stephen Farrell | Last call was requested |
2015-07-26
|
03 | Stephen Farrell | IESG state changed to Last Call Requested from Waiting for AD Go-Ahead |
2015-07-26
|
03 | Stephen Farrell | Last call announcement was changed |
2015-07-26
|
03 | Stephen Farrell | Last call announcement was generated |
2015-07-26
|
03 | Stephen Farrell | Intended Status changed to Proposed Standard from Informational |
2015-07-26
|
03 | Alexey Melnikov | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. 1. Summary Alexey Melnikov is the document shepherd. Stephen Farrell is the responsible Area Director. This document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. It also updates the SCRAM mechanism registration procedures of RFC 5802, by updating the mailing list reference and adding a few more requirements. 2. Review and Consensus While this is an individual submission, the document had an adequate number of reviews on the Kitten mailing list. It was also mentioned/discussed in the HTTPAUTH WG. The document is pretty straightforward, but one issue resulted in a longer discussion: tls-unique channel binding is now known to be broken unless use of draft-ietf-tls-session-hash-06 TLS extension is negotiated. While ideally the base SCRAM document should have been updated to mention this, it is useful to mention this issue in this draft. The document was reviewed by GenArt and SecDir. No major issues were found. One question was asked about whether it is Ok for an Informational document to update a Standards Track document. The document was changed to Standards Track as the result of this question. A couple of implementations of this document are planned. 3. Intellectual Property Author confirmed that he knows of no IPR related to this document. 4. Other Points IANA initially had some questions, but all issues were clarified in the latest version. IDnits reports that there are 2 instances of lines with non-RFC2606-compliant FQDNs in the document, but the document shepherd thinks that these are false positives. |
2015-07-20
|
03 | Stephen Farrell | IESG state changed to Waiting for AD Go-Ahead from Waiting for Writeup::AD Followup |
2015-07-20
|
03 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2015-07-20
|
03 | Tony Hansen | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2015-07-20
|
03 | Tony Hansen | New version available: draft-hansen-scram-sha256-03.txt |
2015-05-16
|
02 | Stephen Farrell | IESG state changed to Waiting for Writeup::Revised I-D Needed from Waiting for Writeup |
2015-05-15
|
02 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Vincent Roca. |
2015-05-04
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Mehmet Ersue. |
2015-04-24
|
02 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-04-23
|
02 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2015-04-23
|
02 | Pearl Liang | IESG/Author/WG Chairs: IANA has reviewed draft-hansen-scram-sha256-02. Authors should review the comments and/or questions below. Please report any inaccuracies and respond to any questions as soon as possible. IANA has questions about one of the actions requested in the IANA Considerations section of this document. We received the following comments/questions from the IANA's reviewer: IANA understands that, upon approval of this document, there are three actions which must be completed. First, in the SASL Mechanisms subregistry of the Simple Authentication and Security Layer (SASL) Mechanisms registry located in: http://www.iana.org/assignments/sasl-mechanisms/ IANA understands that the authors would like to add two fields. Those fields are: - Minimum iteration-count - Associated OID IANA Question --> IANA believes that the SCRAM family of SASL mechanisms shares the registry with all the other SASL mechanisms. Do the authors intend that these new columns be applied to all SASL mechanisms, or request that a separate subregistry for the SCRAM family of SASL mechanisms be created, or some other approach of adding the fields for the registry? Question 2: According to the SASL registry, Expert Review with mailing list is required for family name registrations. We will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC. Has the author contacted the mailing list? Question 3: Can you confirm if the following is to update an existing entry "SCRAM-*" in the SASL registry?
To: iana@iana.org Subject: Registration of a new SASL family SCRAM SASL mechanism name (or prefix for the family): SCRAM-* Security considerations: Section 7 of [RFC5802] Published specification (optional, recommended): RFCXXXX Minimum iteration-count: The minimum iteration-count that servers SHOULD announce Associated OID: IANA SHOULD assign a GSS-API mechanism OID for this mechanism from the iso.org.dod.internet.security.mechanisms prefix (see the "SMI Security for Mechanism Codes" registry). Only one OID needs to be assigned for a SCRAM-* and SCRAM-*-PLUS pair. The same OID should be assigned to both entries in the registry. Person & email address to contact for further information: IETF KITTEN WG kitten@ietf.org Intended usage: COMMON Owner/Change controller: IESG iesg@ietf.org Note: Members of this family MUST be explicitly registered using the "IETF Review" [RFC5226] registration procedure. Reviews MUST be requested on the KITTEN mailing list kitten@ietf.org (or a successor designated by the responsible Security AD). Should the new entry be updated as follows? OLD: SCRAM-* COMMON [RFC5802] [IESG] NEW: SCRAM-* COMMON [RFC5802]RFCXXXX [IESG] Question 4: The text "the email address for reviews has been updated." is noted in the IANA Considerations section. Can the author please clarify "which" email address has been updated? Do you refer to the mailing list address for reviews for new registrations? Is the KITTEN mailing list kitten@ietf.org now the mailing list address in addition to Expert review for family name registrations?
Second, in the SMI Security for Mechanism Codes subregistry of the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry located at: http://www.iana.org/assignments/smi-numbers/ a new code will be added as follows: OID Value: [ TBD-at-registration ] Name: scramsha256 Description: SCRAM-SHA-256 Reference: [ RFC-to-be ] Third, IANA understands that the following will be updated to the SASL Mechanisms subregistry of the Simple Authentication and Security Layer (SASL) Mechanisms registry located in: http://www.iana.org/assignments/sasl-mechanisms/ (Two modifications and two additions): Mechanism Usage Minimum Associated Reference Owner Iteration Count OID ----------------------+-----------+------------------+------------------------+---------------+------------------- SCRAM-SHA-1 COMMON 4096 1.3.6.1.5.5.14 [RFC5208] IESG SCRAM-SHA-1-PLUS COMMON 4096 1.3.6.1.5.5.14 [RFC5208] IESG SCRAM-SHA-256 COMMON 4096 [ TBD-AT-REGISTRATION ] [ RFC-to-be ] IESG SCRAM-SHA-256-PLUS COMMON 4096 [ TBD-AT-REGISTRATION ] [ RFC-to-be ] IESG Note that the OID to be supplied is the single OID created in step two above. IANA understands that these three actions are the only ones required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Please note that IANA cannot reserve specific values. However, early allocation is available for some types of registrations. For more information, please see RFC 7120. |
2015-04-07
|
02 | Robert Sparks | Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Robert Sparks. |
2015-04-02
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2015-04-02
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2015-03-28
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mehmet Ersue |
2015-03-28
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mehmet Ersue |
2015-03-27
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Robert Sparks |
2015-03-27
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Robert Sparks |
2015-03-27
|
02 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2015-03-27
|
02 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce Reply-To: ietf@ietf.org Sender: Subject: Last Call: (SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms) to Informational RFC The IESG has received a request from an individual submitter to consider the following document: - 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-04-24. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. It also updates RFC 5802 in minor ways. The file can be obtained via http://datatracker.ietf.org/doc/draft-hansen-scram-sha256/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-hansen-scram-sha256/ballot/ No IPR declarations have been submitted directly on this I-D. ID nits notes a reference to RFC2119 is needed. We'll fix that. |
2015-03-27
|
02 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2015-03-27
|
02 | Stephen Farrell | Last call was requested |
2015-03-27
|
02 | Stephen Farrell | Ballot approval text was generated |
2015-03-27
|
02 | Stephen Farrell | Ballot writeup was generated |
2015-03-27
|
02 | Stephen Farrell | IESG state changed to Last Call Requested from Publication Requested |
2015-03-27
|
02 | Stephen Farrell | Last call announcement was changed |
2015-03-27
|
02 | Stephen Farrell | Last call announcement was generated |
2015-02-11
|
02 | Stephen Farrell | IESG process started in state Publication Requested |
2015-02-11
|
02 | Stephen Farrell | IETF WG state changed to Submitted to IESG for Publication |
2015-02-11
|
02 | Stephen Farrell | Shepherding AD changed to Stephen Farrell |
2015-02-11
|
02 | Stephen Farrell | Notification list changed to "Alexey Melnikov" <alexey.melnikov@isode.com> |
2015-02-11
|
02 | Stephen Farrell | Document shepherd changed to Alexey Melnikov |
2015-02-11
|
02 | Stephen Farrell | Intended Status changed to Informational from None |
2015-02-11
|
02 | Stephen Farrell | Stream changed to IETF from None |
2014-10-27
|
02 | Tony Hansen | New version available: draft-hansen-scram-sha256-02.txt |
2014-07-24
|
01 | Tony Hansen | New version available: draft-hansen-scram-sha256-01.txt |
2014-04-11
|
00 | Tony Hansen | New version available: draft-hansen-scram-sha256-00.txt |